>
>
> >     On average, around 15 million TLS connections are established with
> >     Cloudflare per second. Upgrading each to ML-DSA would take
> >     1.8Tbps, which is 0.6% of our current total network capacity. No
> >     problem so far. The question is how these extra bytes affect
> >     performance.
> >     Back in 2021, we ran a large-scale experiment to measure the
> >     impact of big post-quantum certificate chains on connections to
> >     Cloudflare’s network over the open Internet. There were two
> >     important results. First, we saw a steep increase in the rate of
> >     client and middlebox failures when we added more than 10kB to
> >     existing certificate chains.
> >
> Would you be willing to share some numbers around the increase in
> failures?


Details are in our 2021 blog post
https://blog.cloudflare.com/sizing-up-post-quantum-signatures/


> What do you think might've been the cause for increased
> failures at clients and middleboxes?
>
> One hypothesis I have is
> TLS-related DPI might allocate a certain buffer to capture the
> handshake, which was now being crossed.
>

That could well be one cause. 16MB chains are allowed by the spec, but most
TLS libraries reject shorter chains. Back in 2021 I saw that OpenSSL
rejected chains longer than 106kB, and Go rejects them if they're longer
than 64kB. That's still well above 13kB, but there could be middleboxes
that picked a shorter buffer length.

Note that this is problematic for those that only want to deploy a single
certificate ("chameleon hybrids").

Best,

 Bas


>
> Regards,
>
> Raghu Saxena
>
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-le...@ietf.org
>
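Added example, not from this thread or from Cloudflare: it frames a TLS 1.3 Certificate handshake message (RFC 8446 section 4.4.2) so you can measure what a chain actually costs on the wire, flags the size limits mentioned above (the 64 KiB Go limit and the ~106 kB OpenSSL limit are Bas's 2021 observations, not guaranteed current behaviour; 16 MB is the 24-bit length ceiling of the handshake framing), and works out the per-connection overhead implied by the 1.8 Tbps / 15 million connections per second figures. The certificate bytes are constructed dummies, not real DER.

```python
# Added example: size a TLS 1.3 Certificate message against the limits
# discussed in the thread. Sample "certificates" below are constructed bytes.

# Absolute thresholds on the encoded Certificate message (bytes).
THRESHOLDS = [
    (64 * 1024, "exceeds 64 KiB: Go crypto/tls rejects the handshake (2021 observation)"),
    (106_000, "exceeds ~106 kB: OpenSSL rejected the chain in 2021 (observation)"),
    (2**24 - 1, "exceeds 16 MB: cannot be encoded in a 24-bit handshake length field"),
]
# The 2021 experiment saw failures rise once more than ~10 kB were ADDED
# to an existing chain, so that one is relative to the classical baseline.
ADDED_BYTES_CLIFF = 10_000


def _vec(data: bytes, len_bytes: int) -> bytes:
    """TLS variable-length vector: big-endian length prefix, then the data."""
    if len(data) >= 1 << (8 * len_bytes):
        raise ValueError(f"vector too long for a {len_bytes}-byte length field")
    return len(data).to_bytes(len_bytes, "big") + data


def certificate_message(der_certs: list[bytes], context: bytes = b"") -> bytes:
    """Encode a TLS 1.3 Certificate handshake message with empty extensions."""
    # CertificateEntry = cert_data<1..2^24-1> + extensions<0..2^16-1>
    entries = b"".join(_vec(c, 3) + _vec(b"", 2) for c in der_certs)
    body = _vec(context, 1) + _vec(entries, 3)  # request_context + certificate_list
    return b"\x0b" + _vec(body, 3)  # HandshakeType certificate(11) + 24-bit length


def size_warnings(msg: bytes, baseline: bytes = b"") -> list[str]:
    """Thresholds the message trips; baseline is the classical chain, if any."""
    hits = [text for limit, text in THRESHOLDS if len(msg) > limit]
    if baseline and len(msg) - len(baseline) > ADDED_BYTES_CLIFF:
        hits.insert(0, "adds more than ~10 kB over the classical chain: failure cliff seen in 2021")
    return hits


def bytes_per_connection(extra_bps: float, conns_per_sec: float) -> float:
    """Per-connection overhead implied by an aggregate bit rate."""
    return extra_bps / 8 / conns_per_sec


if __name__ == "__main__":
    classical = certificate_message([b"\x30" * 1200, b"\x30" * 1100])  # constructed
    big = certificate_message([b"\x30" * 40_000, b"\x30" * 30_000])  # constructed
    print(len(classical), size_warnings(classical))
    print(len(big), size_warnings(big, baseline=classical))
    print(bytes_per_connection(1.8e12, 15e6), "bytes per connection")
```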